ISO Control Objectives: Asset Management
7. Asset management
Control: CA Solution Support

7.1 RESPONSIBILITY FOR ASSETS
Control objective: To achieve and maintain appropriate protection of organizational assets.
Inventory of assets: CA GovernanceMinder can help to identify and manage current access rights to resources (DBs, apps, transactions, files, folders).
Ownership of assets: CA GovernanceMinder can assign an owner to every logical resource.
Acceptable use of assets: Usage of assets can be monitored by CA UARM and CA GovernanceMinder to check acceptable use of assets.

7.2 INFORMATION CLASSIFICATION
Control objective: To ensure that information receives an appropriate level of protection.
Classification guidelines: CA DataMinder can assist in the classification of information. Classification of resources (DBs, files, folders, transactions, apps, etc.) can be managed by CA GovernanceMinder, which can then be used for allocation of access rights to users.
Information labeling and handling: CA DataMinder can contribute to the process of information labeling and enforcement of how labeled information is controlled. Access rights can be handled based on classification and information labeling with CA GovernanceMinder.

Copyright 2013 CA. All rights reserved.

ISO: Section 8, Human Resources Security
Control: CA Solution Support

8.1 PRIOR TO EMPLOYMENT
Control objective: To ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.
Roles and responsibilities: CA GovernanceMinder can assist in this process by discovering the existing role model based on the org chart, responsibilities and business needs.

8.2 DURING EMPLOYMENT
Control objective: To ensure that all employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support organizational security policy in the course of their normal work, and to reduce the risk of human error.
Management responsibilities: CA IdentityMinder allows the assignment of roles, access rights and groups through Services, which can be predefined through workflows.

8.3 TERMINATION OR CHANGE OF EMPLOYMENT
Control objective: To ensure that employees, contractors and third party users exit an organization or change employment in an orderly manner.
Termination responsibilities: CA IdentityMinder can be used to predefine the workflow sequence to assign responsibilities for performing employment termination or changes.
8.3.2 Removal of access rights: CA IdentityMinder can automate the removal of access rights from all IT users to information and IT facilities on termination.

ISO: Section 11.2, User Access Management
Control: CA Solution Support

11.2 USER ACCESS MANAGEMENT
Control objective: To ensure authorised user access and to prevent unauthorised access to information systems.
User registration: CA IdentityMinder provides identity creation and management services through delegated user administration, user self-service, integrated workflow, and a structured administrative model to enable role based access control. It is designed specifically to address the challenges of user management (requesting, establishing, issuing, suspending, and closing of user accounts). CA GovernanceMinder will enable you to quickly build and manage a role model to more efficiently support the management of identities and their IT access. CA CloudMinder/CA SiteMinder allows for just-in-time provisioning via SAML.
Privilege management: CA Identity Management & Access Governance can manage the allocation, change and revocation of privileges for each user. CA ControlMinder can manage and enforce the allocation and use of high privilege access to distributed IT systems. CA SiteMinder provides rule and role based access privilege management for web access to information and resources.
User password management: CA IdentityMinder/CA SiteMinder can support the process of password management. Password Services also enable password self-service and forgotten password services for end users.
Review of user access rights: CA Identity Management & Access Governance provides a means of formally reviewing access rights across the organization at regular intervals through its robust audit and reporting capabilities.

ISO: Section 11.5, Operating System Access Control

11.5 OPERATING SYSTEM ACCESS CONTROL
Control objective: To prevent unauthorized access to operating systems.
Secure log-on procedures: CA ControlMinder and CA SiteMinder provide secure log-on methods and can support third party strong authentication mechanisms such as CA AuthMinder/CA RiskMinder.
User identification and authentication: CA IdentityMinder, CA ControlMinder and CA SiteMinder can provide the means of managing and authenticating unique identifiers for user log-on under a variety of conditions.
Password management system: CA IdentityMinder provides an interactive means of managing passwords and ensuring password quality. As described in
Use of system utilities: CA ControlMinder can control the use of system utilities by unauthorized users, including fine grained control of what operations (such as termination) may be performed on those utilities.
Session time out: CA SiteMinder provides session and idle timeouts to protect business and system applications when accessed via the Web.
Limitation of connection time: CA ControlMinder and CA SiteMinder can control the times at which access to high risk systems can be allowed and disallowed.

ISO: Section 10, Communications and Operations Management
Control: CA Solution Support

10.1 OPERATIONAL PROCEDURES AND RESPONSIBILITIES
Control objective: To ensure the correct and secure operation of information processing facilities.
Change management: The CA Change Manager capability solution set will provide an automated change control system.
Segregation of duties: This can be enforced through rules in CA IdentityMinder and CA GovernanceMinder, as they can implement, document and help enforce segregation of duties rules.
Separation of development, test and operational facilities: The separate test and development facilities can each use CA ControlMinder to reduce the risks of unauthorized changes to the operational system.

MEDIA HANDLING
Control objective: To prevent unauthorized disclosure, modification, removal or destruction of assets, and interruptions to business activities.
Information handling procedures: CA ControlMinder can enforce access restrictions to prevent access from unauthorized personnel. CA DataMinder can assist in the classification of the information and can control its movement even by authorized personnel if it is against policy.
Security of system documentation: For documentation held electronically, CA ControlMinder and/or CA SiteMinder Sharepoint can control access to and help prevent damage to the information. CA DataMinder can also protect system documentation and help prevent it from being distributed to unauthorized personnel.

ISO27002: Section 10.9, Electronic Commerce Services

10.9 ELECTRONIC COMMERCE SERVICES
Control objective: To ensure the security of electronic commerce services, and their secure use.
Electronic commerce: CA SiteMinder and CA DataMinder contribute to the protection of information in electronic commerce and protect the integrity and confidentiality of that information. CA AuthMinder/CA RiskMinder, which allow the use of PKI, OTP, digital certificates and adaptive authentication, can also contribute to this control.
On-line transactions: CA SiteMinder can contribute to the protection of online transactions. CA AuthMinder and CA RiskMinder, which allow the use of digital certificates and PKI, should also be considered to help meet the requirements of this control.
Publicly available information: CA SiteMinder, CA DataMinder and CA ControlMinder can help to protect publicly available information from unauthorized modification.

ISO27001: Section 12, Systems Acquisition, Development and Maintenance
Control: CA Solution Support

12.3 CRYPTOGRAPHIC CONTROLS
Control objective: To protect the confidentiality, authenticity or integrity of information by cryptographic means.
Policy on the use of cryptographic controls: Consultancy services can assist in the development of such a policy. CA DataMinder can be used to help enforce the use of encryption in some communication channels.

12.4 SECURITY OF SYSTEM FILES
Control objective: To ensure the security of system files.
Control of operational software: CA Change and Configuration Management capability solutions can help control the installation of software on operational systems. CA ControlMinder can provide the protection of the software in operation.
Protection of system test data: CA ControlMinder can provide protection for system test data, controlling who has access to the information on systems. CA DataMinder can apply rules to the movement of test data even for those people who have the access rights to the data.
Access control to source code: CA ControlMinder can help protect source libraries. CA GovernanceMinder can confirm that access rights to source code and libraries are granted only to approved users, based on roles, responsibilities and business needs.

SECURITY IN DEVELOPMENT AND SUPPORT PROCESSES
Control objective: To maintain the security of application system software and information.
Information leakage: CA DataMinder can help provide control of information across multiple leak points in the organization, such as Instant Messaging, FTP, printing and saving to USB.

ISO27001: Section 13, Information Security Incident Management
Control: CA Solution Support

13.1 REPORTING INFORMATION SECURITY EVENTS AND WEAKNESSES
Control objective: To ensure information security events and weaknesses associated with information systems are communicated in a manner allowing timely corrective action to be taken.
Reporting information security events: CA Service Desk Manager provides a means of receiving and managing reports of security incidents.
Reporting security weaknesses: Consultancy services can provide advice on the processes and employee education needs for reporting of security weaknesses. CA Service Desk Manager can be used as a central place to make, record and manage those reports.

MANAGEMENT OF INFORMATION SECURITY INCIDENTS AND IMPROVEMENTS
Control objective: To ensure a consistent and effective approach is applied to the management of information security incidents.
Learning from information security incidents: CA User Activity Reporting Module provides a view of enterprise-wide security activity and incidents.
Collection of evidence: Consultancy services can provide advice on the procedures for evidence gathering and handling. CA User Activity Reporting Module provides a means to collect and report on logs and security activity and can support follow-up action on security incidents.

ISO27001: Section 15, Compliance
Control: CA Solution Support

15.1 COMPLIANCE WITH LEGAL REQUIREMENTS
Control objective: To avoid breaches of any law, statutory, regulatory or contractual obligations and of any security requirements.
Data protection and privacy of personal information: Where personal information is held on IT systems it can be protected with CA ControlMinder. CA DataMinder can help control the use and movement of personal information to maintain its privacy, even when access rights to the data are granted. Access to protected data and private information can be limited, managed and controlled with CA GovernanceMinder, based on the user's business needs, role, responsibilities, etc.
Prevention of misuse of information processing facilities: Inappropriate use of information processing facilities can be controlled by CA ControlMinder for servers and CA SiteMinder for web applications. CA IdentityMinder provides facilities to manage the identity of people authorized to use information processing facilities of IT systems. CA GovernanceMinder can prevent logical access to information processing facilities by unauthorized users.

COMPLIANCE WITH SECURITY POLICIES AND STANDARDS AND TECHNICAL COMPLIANCE
Control objective: To ensure compliance of systems with organizational security policies and standards.
Compliance with security policy and standards: CA UARM provides a view of CA IAM enterprise-wide security activity and incidents that can be used to review adherence to the organization's security policies and standards. CA GovernanceMinder can be used to define rules and restrictions that are based on the security policy. Once defined, monitoring of violations can be done with the provided dashboards and reports. Preventive policy checks can be used during request and administration processes.
Technical compliance checking: CA GovernanceMinder can be used to define rules and restrictions that are based on the security policy. Once defined, monitoring of violations can be done with provided dashboards

FOR INFORMATION PURPOSES ONLY
Terms of this presentation

This presentation was based on current information that may outline CA's general product direction as of April 2013 and is subject to change by CA at any time without notice. Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in this presentation, CA will make such release available (i) for sale to new licensees of such product; and (ii) to existing licensees of such product on a when and if available basis as part of CA maintenance and support, and in the form of a regularly scheduled major product release. Such releases may be made available to current licensees of such product who are current subscribers to CA maintenance and support on a when and if available basis. In the event of a conflict between the terms of this paragraph and any other information contained in this presentation, the terms of this paragraph shall govern. All information in this presentation is for your informational purposes only and is provided as is without warranty of any kind. In no event will CA be liable from this presentation. No unauthorized copying or distribution permitted.
